[curves] curve25519-donna stack usage

Mike Hamburg mike at shiftleft.org
Fri Dec 9 10:52:33 PST 2016


OK, I’ve released my tiny x25519 code as open source.  This is the platform-agnostic version.  The ARM asm version isn’t there, it’s staying proprietary for now :-/.  But you can get most of the effect by intrinsic’ing umaal and friends.

https://sourceforge.net/p/strobe/code/ci/master/tree/x25519.c
https://sourceforge.net/p/strobe/code/ci/master/tree/x25519.h

Presumably this code could be accelerated somewhat by using a dedicated sqr() routine, or by unrolling loops and inlining code.  Maybe I’ll get around to that at some point, but there’s a bunch more to be done with that repository to make it useful.

These files also have a totally nonstandard signature implementation, the only real advantage of which is that it adds very little code.

Let me know what you think, or if you find any bugs or missing features.

Cheers,
— Mike

> On Nov 9, 2016, at 4:13 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> 
> I just tried out the so-called "tweet nacl implementation", because it
> has very tiny stack requirements. It was 26 times slower than donna.
> Wow!
